Microsoft today announced new access and security controls for Outlook for iOS. With the new update, Outlook now uses Active Directory Authentication Library (ADAL)-based authentication for Exchange Online mailboxes in Office 365, replacing the previously used basic authentication method. This new authentication method enables IT administrators to configure new access scenarios for signing in to Office 365 and to better control and manage Outlook on mobile devices in their organization.
Straightforward Sign-In Experience for Users
With this new update, users will now have an "Office 365" login tile for connecting to an Office 365 mailbox from Outlook. As many users are used to selecting the "Exchange" tile for accessing their Office 365 email, Microsoft built intelligence into the sign-in process to prevent users from getting stuck. If an Office 365 user selects Exchange out of habit, or by accident, Outlook will guide the user to log in via the new ADAL sign-in method.
Of course, Microsoft has millions of users already signed in to Office 365 using basic authentication. Over the next week, all Office 365 users will receive a prompt to log in again, which will trigger the new ADAL sign-in page. This will automatically convert their account from basic authentication to OAuth. If you've applied multi-factor authentication policies, these will immediately take effect.
Quick Introduction to ADAL-Based Authentication
Microsoft's ADAL-based authentication stack enables Outlook to engage in browser-based authentication with Office 365. The stack is used by Office apps on both desktop and mobile: users sign in directly to Office 365's identity provider (Azure Active Directory) to authenticate, rather than providing credentials to Outlook.
The screenshot below shows the new sign-in experience for users when connecting to an Office 365 Exchange Online mailbox from Outlook.
This new sign-in method brings new benefits for IT, including OAuth for Office 365 and support for multi-factor authentication.
OAuth for Office 365
ADAL-based sign-in enables OAuth for Office 365 accounts, providing Outlook with a secure mechanism to access email without requiring access to the user's credentials. At sign-in, the user authenticates directly with Office 365 and receives an access token in return, which grants Outlook access to the user's mailbox.
Outlook already uses OAuth for Outlook.com, OneDrive, Dropbox, Box and Gmail. As Exchange ActiveSync does not support OAuth, Microsoft continues to use basic authentication for these users. You can read more about how Microsoft secures user credentials for Exchange on the Office 365 Network here.
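To make the difference between the two methods concrete, the following added example (not from Microsoft or the original article) inspects an HTTP Authorization header value and reports what it exposes: a Basic header decodes straight back to the password, while a bearer token carries claims such as audience and expiry. It assumes the bearer token is a JWT with `aud`, `exp` and `amr` claims; the account, password, token and function names are constructed for illustration.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_authorization(header: str, now: int) -> dict:
    """Summarise what an HTTP Authorization header value exposes."""
    scheme, _, value = header.partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        # Basic is base64("user:password"): a reversible encoding, not encryption,
        # and it is sent again on every request.
        user, _, password = base64.b64decode(value).decode("utf-8").partition(":")
        return {"scheme": "basic", "user": user, "password_recoverable": bool(password)}
    if scheme == "bearer":
        parts = value.split(".")
        if len(parts) != 3:
            # Opaque (non-JWT) token: nothing to decode, and no password inside.
            return {"scheme": "bearer", "jwt": False, "password_recoverable": False}
        # Claims are decoded for inspection only; the signature is NOT verified here.
        claims = json.loads(_b64url_decode(parts[1]))
        return {
            "scheme": "bearer", "jwt": True, "password_recoverable": False,
            "audience": claims.get("aud"),
            "expired": claims.get("exp", 0) <= now,
            "mfa": "mfa" in claims.get("amr", []),  # assumed claim layout
        }
    return {"scheme": scheme or "none", "password_recoverable": False}

def _make_sample_jwt(claims: dict) -> str:
    # Constructed, unsigned token for the demo only.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample values (not real credentials or tokens).
SAMPLE_BASIC = "Basic " + base64.b64encode(b"alice@example.com:Winter2015!").decode()
SAMPLE_BEARER = "Bearer " + _make_sample_jwt(
    {"aud": "https://outlook.office365.com", "exp": 1_700_003_600, "amr": ["pwd", "mfa"]}
)

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_BEARER):
        print(inspect_authorization(sample, now=1_700_000_000))
```

A token that is intercepted or left on a lost device stops working once it expires or is revoked, whereas a captured Basic header keeps working until the user changes the password.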
Support for Office 365 Multi-Factor Authentication
Lastly, Outlook now supports multi-factor authentication for Office 365. Multi-factor authentication helps secure the user sign-in for cloud services beyond just a single password. When enabled, users are required to acknowledge a phone call, text message, or app notification on their smartphones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.